package com.xul.crowd.filter;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import com.xul.crowd.constant.AccessPassResources;
import com.xul.crowd.constant.CrowdConstant;
import com.xul.entity.vo.MemberLoginVo;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * @author xul
 * @create 2021-07-29 21:48
 */
@Component
public class CrowdAccessFilter extends ZuulFilter {
    @Override
    public String filterType() {
        // 这里返回"pre"意思是目标微服务前执行过滤
        return "pre";
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    /**
     * 放行相关的资源
     *
     * @return
     */
    @Override
    public boolean shouldFilter() {
        // 1.获取RequestContext对象
        RequestContext currentContext = RequestContext.getCurrentContext();
        // 2.通过当前的requestContext对象获取当前的请求对象(底层的框架借助 ThreadLocal 从当前的线程上获取事先绑定的Request对象)
        HttpServletRequest request = currentContext.getRequest();
        // 3.获取servletPath的值
        String servletPath = request.getServletPath();

        // 4.根据 servletPath 判断当前请求是否对应可以直接放行的特定功能
        boolean containsResult = AccessPassResources.PASS_RES_SET.contains(servletPath);
        // 强行判断放行/project/get/project/detail/
        boolean detailContains = servletPath.contains("/project/get/project/detail/");
        if (containsResult || detailContains) {
            // 5.如果当前请求是可以直接放行的特定功能请求则返回 false 放行
            return false;
        }
        // 6.判断当前请求是否为静态资源
        // 工具方法返回 true：说明当前请求是静态资源请求，取反为 false 表示放行不做登录检查
        // 工具方法返回 false：说明当前请求不是可以放行的特定请求也不是静态资源，取反为 true 表示需要做登录检查
        return !AccessPassResources.judgeCurrentServletPathWetherStaticResource(servletPath);
    }

    /**
     * 判断用户有没有登录 没登陆就会重定向到登录页面
     *
     * @return
     * @throws ZuulException
     */
    @Override
    public Object run() throws ZuulException {
        // 1.获取当前请求对象
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        // 2.获取当前session对象
        HttpSession session = request.getSession();
        // 3.尝试在session对象中获取已经登录的账号
        MemberLoginVo loginMember = (MemberLoginVo) session.getAttribute(CrowdConstant.ATTR_NAME_LOGIN_MEMBER);
        // 4.判断loginMember是否为空
        if (loginMember == null) {
            // 5.从requestContext对象中获取Response对象
            HttpServletResponse response = currentContext.getResponse();
            session.setAttribute(CrowdConstant.ATTR_NAME_MESSAGE, CrowdConstant.MESSAGE_ACCESS_FORBIDDEN);

            try {
                // 7.重定向到auth-consumer工程中的登录页面
                response.sendRedirect("/auth/member/to/login/page.html");
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return null;
    }
}
